Cisco Secure Cloud Analytics [EOL] Reviews

We are using Cisco Secure Cloud Analytics, also known as Cisco's WatchCloud, to monitor user activity in the cloud. 

Specifically, we are looking for users who are uploading or downloading data beyond their certain cycle limit. If we detect any suspicious activity, we receive an alert and investigate. So, basically, we are analysts. We are labor to analyze, and we are only analyzing data. And we can fine-tune something. And if we are getting alerts, then we can fine-tune it.

We have found the behavior analysis feature to be the most valuable.  From this tool, if any user is uploading data from a third-party cloud or anywhere outside our native cloud, then we will get alerts so we can analyze behavior. This is the most beneficial feature for us. If a user has a connection limit of only 10,000 connections per day and we are getting 50,000 connections, then the tool will generate an email. So, this behavior analysis is very good.

Cisco Stealthwatch Cloud will be used in our network to monitor our network. We intend to automate the action and response when we are facing a threat.

I have been using Cisco Stealthwatch Cloud for a short time.

We use the product to understand network traffic and visibility. 

The tool's best feature is its ability to monitor network traffic. It will also inform users whether the traffic generated by a network is legitimate. The tool helps to capture and analyze the network traffic. 

I have used Stealthwatch Cloud in the insurance sector for what we call the software mapping and automating it with other systems to have a level of visibility. Additionally, we use it for incidents response, forensic analysis, and segmentation of the IT architecture.

Cisco Stealthwatch Cloud is typically on the cloud because most of the companies choose it. However, for the government sector, I've used it on-premise, which is the Central Bank of Kenya.

One of my clients Cisco Stealthwatch Cloud wanted to map their IT architecture and have visibility. Additionally, they wanted to do API integration with the next-generation firewalls with IPA's and the cross integration with the antivirus, digital forensic discovery solution that they have within the bank. They wanted to see, how they would automate the IT architecture using Cisco Stealthwatch Cloud.

In case there is a threat the client needs to do automated incident response, and the solution can act on its own. We do a few tests which are very vital, such as formulated policies. We can see what is on the document, on the ground, and how the policy affects the whole IT architecture. We did those kinds of tests and it went live by automating Cisco Stealthwatch Cloud with a cloud solution and other solutions that they had. We were able to prevent an electric fraud of almost $200,000.

The logs in Cisco Stealthwatch Cloud are very good when doing the API integration in the team. It is able to give you important information for the correlations.

I use the solution to convey critical action and defeatability. 

The product helps me to see malware. 

It's a network analytics solution. It gets logs from different network systems such as switches, routers, and firewalls, and correlates those logs to give you meaningful insights. For example, it gives you insights into whether any device has been communicating with any bad or malicious IP address on the Internet or dumping any data outside. In a nutshell, it analyzes your traffic and gives you meaningful information about what's happening in the environment.

There are certain dashboards that show you, for example, the top five or the top six bad things that might happen in the environment. It tells you if there is any communication going to command and control servers, or if there is any traffic that violates your internal policy, or if any data hoarding is happening where data is being dumped from your machine to outside of the environment. It provides all such meaningful reports to help you understand what's happening.

We are global distributors of Cisco Stealthwatch Cloud, we sell the solution to integrators. We usually have a team of engineers, that's the part I work with, to make sure that everything is done together with Cisco. So we work directly with the Cisco team. It's usually deployed in the cloud most of the time. Everything is moving to the cloud.

Mostly it's just to monitor the traffic, making sure you have the visibility, that you are able to do the incidence cross path. There are the kinds of reports and visibility, it's very important.